From f6a73231ab64629a11aea445c854819cff06db75 Mon Sep 17 00:00:00 2001
From: David Mehren <git@herrmehren.de>
Date: Sat, 18 Jun 2022 16:13:08 +0200
Subject: [PATCH] Synapse workers should respect X-Forwarded headers

Currently, Synapse workers ignore the X-Forwarded headers, which leads to internal Docker IP addresses randomly appearing in the users' device list.

This adds the `x_forwarded: true` option to the worker config, fixing the issue.
---
 roles/matrix-synapse/templates/synapse/worker.yaml.j2 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/matrix-synapse/templates/synapse/worker.yaml.j2 b/roles/matrix-synapse/templates/synapse/worker.yaml.j2
index 40714f44..239de1f2 100644
--- a/roles/matrix-synapse/templates/synapse/worker.yaml.j2
+++ b/roles/matrix-synapse/templates/synapse/worker.yaml.j2
@@ -26,6 +26,7 @@ worker_listeners:
 {% if http_resources|length > 0 %}
   - type: http
     bind_addresses: ['::']
+    x_forwarded: true
     port: {{ matrix_synapse_worker_details.port }}
     resources:
       - names: {{ http_resources|to_json }}